https://stackoverflow.com/questions/22287261
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianHere
$email = mysqli->real_escape_string($e);
You forgot $
$email = $mysqli->real_escape_string($e);
and
$password = mysqli->real_escape_string($p);
to
$password = $mysqli->real_escape_string($p);
mysqli connect and select from database error
-
12-06-2023 - |
質問
I recently started using mysqli_ to connect to my database because of the concern of sql injection and lack of security. I'm trying to reconfigure my login page with mysqli from mysql but the page just won't load and I'm not sure why. Thanks in advance for any help.
Here is my code:
<?php
$mysqli = new mysqli("localhost", "username", "password", "db");
if($mysqli->connect_errno > 0){
die('Unable to connect to database [' . $mysqli->connect_error . ']');
}
if (!isset($_SESSION['email'])) {
$e = trim($_REQUEST['email']);
$email = mysqli->real_escape_string($e);
$p = trim($_REQUEST['password']);
$password = mysqli->real_escape_string($p);
if ($result = $mysqli->query("SELECT email, password" .
" FROM users" .
" WHERE email = '".$email."' AND password = '".$password."'")) {
printf("Select returned %d rows.\n", $result->num_rows);
if ($result->num_rows == 1) {
$row = $result->fetch_array(MYSQLI_NUM);
$user_id = $ow['user_id'];
//No more setcookie
$_SESSION['user_id'] = $user_id;
$_SESSION['email'] = $email;
}
/* free result set */
$result->close();
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<form id="signin_form"
action="<?php echo $_SERVER['PHP_SELF']; ?>"
method="POST">
<div class="signin_box">
<label for="email">Email or Username:</label><br>
<input type="text" name="email" id="email" size="30" />
<br />
<label for="password">Password:</label>
<input type="password" name="password" id="password" size="30" />
<br />
<span class="signin_submit">
<input type="submit" value="Sign In" class="signin_submit" />
</span>
</div>
</form>
</body>
</html>
解決
所属していません StackOverflow
